Uploaded image for project: 'OpenDJ'
  1. OpenDJ
  2. OPENDJ-6679

Proxy server should remove the Affinity Control when sending request to the remote backend...


    • Type: Bug
    • Status: Dev backlog
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 7.0.0
    • Fix Version/s: None
    • Component/s: proxy
    • Labels:


      The Affinity Control can be used by client applications that want requests to be routed to the same server via the Proxy.

      But the control is embedded in the request and thus sent to the backend directory as well, when the Affinity Load-Balancer is used (the Least-requests load-balancer does remove the Affinity Control is received from the client).

      If the backend directory doesn't support the Affinity Control or doesn't allow the users to make use of it, the request fails. 

      But the goal of the Affinity control is purely at the proxy level. So the proxy should not send it downstream.

      A workaround is to send the Affinity control with a criticality of false. But then it's unknown whether it will be honoured by the proxy or not.


      ./bin/ldapsearch -h localhost -p 9389 -D uid=user.1,ou=people,dc=example,dc=com -w password -J -b "dc=example,dc=com" '(uid=user.2)'
      # The LDAP search request failed: 12 (Unavailable Critical Extension)
      # Additional Information: The request control with Object Identifier (OID) "" cannot be used due to insufficient access rights
      $ ./bin/ldapsearch -h localhost -p 9389 -D uid=user.1,ou=people,dc=example,dc=com -w password -J -b "dc=example,dc=com" '(uid=user.2)' dn
      dn: uid=user.2,ou=People,dc=example,dc=com





            • Assignee:
              ludo Ludovic Poitou
            • Votes:
              0 Vote for this issue
              1 Start watching this issue


              • Created: